Test ID:	1.3.6.1.4.1.25623.1.0.51416
Category:	Conectiva Local Security Checks
Title:	Conectiva Security Advisory CLA-2003:633
Summary:	NOSUMMARY
Description:	Description: The remote host is missing updates announced in advisory CLA-2003:633. The GNU C Library[1] (glibc) is the standard library used by almost any program in a common GNU/Linux system. Riley Hassell of eEye Digital Security published[2] an advisory about a vulnerability[3][4] in the XDR library used by many different systems, including glibc. The xdrmem_getbytes() function (and other functions of the xdrmem_* script_family() contains an integer overflow which can be exploited by remote attackers to crash applications which use these functions or even run arbitrary code. The Common Vulnerabilities and Exposures project has assigned the name CVE-2003-0028 to this issue. Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade' http://www.securityspace.com/smysecure/catid.html?in=CLA-2003:633 http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002003 Risk factor : High CVSS Score: 7.5
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2003-0028 Bugtraq: 20030319 EEYE: XDR Integer Overflow (Google Search) http://marc.info/?l=bugtraq&m=104810574423662&w=2 Bugtraq: 20030319 MITKRB5-SA-2003-003: faulty length checks in xdrmem_getbytes (Google Search) http://marc.info/?l=bugtraq&m=104811415301340&w=2 Bugtraq: 20030319 RE: EEYE: XDR Integer Overflow (Google Search) http://www.securityfocus.com/archive/1/315638/30/25430/threaded Bugtraq: 20030325 GLSA: glibc (200303-22) (Google Search) http://marc.info/?l=bugtraq&m=104860855114117&w=2 Bugtraq: 20030331 GLSA: dietlibc (200303-29) (Google Search) http://www.securityfocus.com/archive/1/316931/30/25250/threaded Bugtraq: 20030331 GLSA: krb5 & mit-krb5 (200303-28) (Google Search) http://www.securityfocus.com/archive/1/316960/30/25250/threaded Bugtraq: 20030522 [slackware-security] glibc XDR overflow fix (SSA:2003-141-03) (Google Search) http://marc.info/?l=bugtraq&m=105362148313082&w=2 Caldera Security Advisory: CSSA-2003-013.0 http://www.cert.org/advisories/CA-2003-10.html CERT/CC vulnerability note: VU#516825 http://www.kb.cert.org/vuls/id/516825 Debian Security Information: DSA-266 (Google Search) http://www.debian.org/security/2003/dsa-266 Debian Security Information: DSA-272 (Google Search) http://www.debian.org/security/2003/dsa-272 Debian Security Information: DSA-282 (Google Search) http://www.debian.org/security/2003/dsa-282 eEye Security Advisory: AD20030318 http://www.eeye.com/html/Research/Advisories/AD20030318.html En Garde Linux Advisory: ESA-20030321-010 http://www.linuxsecurity.com/advisories/engarde_advisory-3024.html FreeBSD Security Advisory: FreeBSD-SA-03:05 http://www.mandriva.com/security/advisories?name=MDKSA-2003:037 NETBSD Security Advisory: NetBSD-SA2003-008 ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-008.txt.asc https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A230 http://www.redhat.com/support/errata/RHSA-2003-051.html http://www.redhat.com/support/errata/RHSA-2003-052.html http://www.redhat.com/support/errata/RHSA-2003-089.html http://www.redhat.com/support/errata/RHSA-2003-091.html SuSE Security Announcement: SuSE-SA:2003:027 (Google Search) http://www.novell.com/linux/security/advisories/2003_027_glibc.html http://marc.info/?l=bugtraq&m=104878237121402&w=2 http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0140.html
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.